Google Warns Users About State-Sponsored Attacks

Google is in the process of deploying a new warning system for users of its services, who it believes could be under threat from cyber attacks by foreign governments.

It has been reported several times in the past that Google users have been the victim of attacks by foreign powers, most famously back in late 2009 when China was blamed for using the Aurora malware to attack Google.

However, Google is stepping up its efforts to prevent this happening in the future and is hoping to identify those most at risk before they become victims of an attack.

"Today, we're taking that a step further for a subset of our users, who we believe may be the target of state-sponsored attacks. If you see this warning [below] it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account," Google's Eric Grosse, VP of security engineering, said in a blog post.

Grosse also had tips for users in this subset. He recommends creating a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers. He also suggests enabling a 2-step verification as additional security as well as updating your browser, operating system, plugins, and document editors.

"Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for https://accounts.google.com/ in your browser bar. These warnings are not being shown because Google's internal systems have been compromised or because of a particular attack," Grosse added.

Google was unwilling to say how it is able to identify which activity it believes to be state-sponsored, as it would mean giving away "information that would be helpful to these bad actors."

Dennis Fisher, writing on the Kaspersky Lab security news service called Threat Post believes Google's system of identifying these so-called "bad actors" might not be the most accurate:

"The ability for Google to show this kind of warning to users obviously means that the company has the capability to identify attacks that it believes are coming from foreign governments--or their hired guns. Identifying attackers by their source IP address is a notoriously inaccurate method and even that basic method would only provide a general geographic location and no information on the attacker's intent or affiliation."

Fisher does admit though that Google could be using that as a starting point, and extending it to include the identification of traffic from known-bad IP blocks.